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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply, received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )[X] Responsive to communication(s) filed on 15 June 2004 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-32 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) KI Claim(s) 1-32 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)[x] The drawing(s) filed on 12 January 2002 is/are: a)[x] accepted or b)0 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 
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a)D All b)Q Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Information Disclosure Statement 

1. The information disclosure statement filed 01/12/02 fails to comply with 37 
CFR 1.98(a)(2), which requires a legible copy of each U.S. and foreign patent; 
each publication or that portion which caused it to be listed; and all other 
information or that portion which caused it to be listed. Those applications able 
to be found online have been considered, but references that could not be found 
are marked with a line through them and have not been considered. 



Claim Rejections - 35 USC § 103 
2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-16, 18-20, 22, 23, and 25-32 are rejected under 35 U.S.C. 103(a) as 

being unpatentable over Coile US 6,473,406 in view of Davis US 6,367,009. 

As per claim 1, Coile discloses sending a message from a client to a server to 
establish a connection, (Col 3 lines 24-30). Coile discloses intercepting the data 
at a security system (proxy) associated with the server to perform authentication 
functions, (Col 5 lines 57-60). 

Coile does not disclose that a message is sent to establish a "secure" connection. 
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Davis discloses sending a message (certificate message) to establish a secure SSL 
connection, (Col 11 lines 30-35). 

It would be obvious to one skilled in the art to add Davis's certificate message 
and SSL protocol to Coile' s proxy server. The proxy server of Coile using the 
certificate/SSL system of Davis would improve the security of the 
communications of the system. 

As per claim 2, Coile does not disclose determining server authentication. 

Davis discloses determining server authentication, (Col 10 line 35). 

As per claim 3, Coile discloses client authentication, (Col 5 lines 63-65). 

As per claim 4, Coile does not disclose digital certificates. 

Davis discloses validating digital certificates, (Col 10 lines 35-40). 

As per claim 5, Coile does not disclose encryption. 

Davis discloses SSL encryption and decryption, (Col 2 lines 10-15). 

As per claim 6, Coile does not disclose specific authentication techniques. 

Davis discloses a server requesting client authentication, and authenticating the 

client's certificate, (Col 1 1 lines 39-43). 

As per claim 7, Coile does not disclose digital signatures. 

Davis discloses the client including a digital signature which is authenticated, 

(Col 11, line 41). 

As per claims 8-11, 19, 22 26-32 Coile does not disclose SSL. 
Davis discloses the SSL connection algorithm. Davis discloses a client sending a 
"client hello" message indicating a request to establish a secure connection with 
the server, (Col 10 line 20, Fig 6). Davis discloses the Server sending a "server 
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hello" message, (Col 10 line 21, Fig 6). Davis discloses exchanging 
authentication information, (Col 10 lines 30-35). Davis discloses sending a 
"server hello done" (Col 10 line 33, Fig 6). Davis discloses that in the SSL 
protocol authentication information is exchanged between the client and server, 
(Col 10 lines 24,25, 41-44). Davis discloses the transaction completes in the SSL 
protocol, which includes a "client hello done" message, (Col 10 lines 43-47). 
It would be obvious to one skilled in the art to add the SSL protocol of Davis to 
the authentication proxy server of Coile to improve security and prevent 
unauthorized access. 

As per claim 12, Coile does not disclose CRL checking. 

Davis discloses the determining if the client is on a CRL (list), (Col 13, lines 35- 
42). 

As per claim 13, Coile does not disclose digital signatures. 

Davis discloses the client providing a digital signature for verification, (Col 1 1 

lines 40-44). 

As per claim 14, Coile does not disclose decryption. 

Davis discloses decryption using the SSL protocol, (Col 2 lines 10-14). 

As per claim 15, Coile discloses an application module (proxy server) to receive 

incoming data from a client destined for a given server and route the data to an 

authentication module (authentication program) to validate the identity of the 

client, (Col 3 lines 24-30, Col 5 lines 59, 60, 63, 64). Coile discloses the system 

is wired, (Fig 1). Coile does not disclose a wireless system, or encryption. 
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Davis discloses wireless clients (Fig 2). Davis discloses encryption and 
decryption through the SSL protocol, (Col 2 lines 10-14). 
As per claims 16, 18, 20, 23, and 25, the examiner takes official notice, it would 
be obvious to one skilled in the art to obtain the server certificate from a 
certificate authority at user defined intervals. 

Claims 17, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Maher US 6,125,349. 

The Coile-Davis combination does not disclose short and long term certificates. 
Maher discloses use of short and long-term certificates, (Col 5 lines 5-20). 

It would be obvious to add the use of short and long-term certificates of Maher 
with Coile-Davis' s authentication system, so that the short-term certificates could 
be utilized after initial authentication, so that the server would not have to check 
the CRL until after the short-term certificate had expired. 

Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Van 
Oorschot US 5,699,431 

As per claim 21, the Coile-Davis combination does not disclose updating the CRL. 
Van Oorshot discloses updating the CRL, (Col 4 lines 39-42). 
It would be obvious to add CRL updating to the Coile-Davis combination to 
prevent unauthorized certificate holders from accessing a protected resource. 
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Conclusion 



3. Any inquiry concerning this communication or earlier communications from 

the examiner should be directed to Christopher J Brown whose telephone number 

is 703-305-8023. The examiner can normally be reached on 8:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Gregory Morse can be reached on 703-308-4789. The fax phone 

number for the organization where this application or proceeding is assigned is 

703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christopher J. Brown 
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